Steffen:
I am running FTPSClient. I do not have control on
the server.
I think you are correnct in your assumption that the
server is running behind a NAT. It is on 172.20.10.50
and the public IP address that is mapped to it is 66.161.40.76.
According to RFC 1918:
The Internet Assigned Numbers Authority (IANA) has reserved the
following three blocks of the IP address space for private internets:
10.0.0.0 - 10.255.255.255 (10/8 prefix)
172.16.0.0 - 172.31.255.255 (172.16/12 prefix)
192.168.0.0 - 192.168.255.255 (192.168/16 prefix)
The IP address is not a routable address and therefore the
connection to it will fail.
How about we do this in the FTPS Client when we get back
an IP address from the server:
if( we are on the same subnet as the server )
Use the IP provided by the server
else
if( the IP address given by the server is a private IP )
Overwrite the IP with the original IP address used to
connect to the server. We should know that from when
we connected to the server.
else
Use the IP provided by the server
That should solve this problem.
I am positive there will be others who will run into this problem
and blame FTPSClient as being broken.
Thanks,
Neil
--
Neil Aggarwal, (214)986-3533, www.JAMMConsulting.com
FREE! Eliminate junk email and reclaim your inbox.
Visit http://www.spammilter.com for details.
-----Original Message-----
From: Steffen Heil [mailto:[EMAIL PROTECTED]
Sent: Thursday, February 08, 2007 2:42 AM
To: 'Jakarta Commons Users List'
Subject: RE: [net-ftp] FTPS timeout when trying to upload a file
Hi
Warning: Wild guessing ahead:
> When my FTP client ...
So you have the client on your side.
> But, admin.quiksilver.com is 66.161.40.76, not 172.20.10.50.
Note, this IP is a private address, which is not even suppost to be routed.
> ... FTPSClient ...
And that is using ftpS.
So I guess the Server itself actually HAS 172.20.10.50 and is behind some
NAT router, which inspects protocolls to replace the internal ip
172.20.10.50 with the external one 66.161.40.76. I also suppose, this works
fine for FTP and external systems never see the internal address.
However, FTPS is SSL-encrypted and as such the NAT-router cannot change or
even see, what's inside the packet. So you get the original reply.
There is nothing you can do about that, except if you can reconfigure the
server.
SFTP doesn't play well behind nat routers, if not configured especially. For
example pure-ftps has an option to specify another ip address for answers as
that one and to ignore the servers ip address. The only other option would
be to enable the nat router to decrypt the ssl connection, which would be
both very cpu-consuming and insecure.
Regards,
Steffen
---------------------------------------------------------------------
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
